General

  • Target

    c0d60a2292ca99cd81303ccfa5b31a70.exe

  • Size

    449KB

  • Sample

    201120-wwybyp72r6

  • MD5

    c0d60a2292ca99cd81303ccfa5b31a70

  • SHA1

    0ac5373d16f0e2926948e800f57652718ca1b7fb

  • SHA256

    86109009a1d1033676de2ac895bdfe4d246837a2db24a339a83de8077581f567

  • SHA512

    89c0bb9ab8683ea44f93d567fd9441423d4bb27c4ab44c7ded77e7bb5a04e0d9ed9fc173d1fb346e161e372d9e0b7b0ba83b7aa44bc0add751f9511372f69f01

Score
7/10

Malware Config

Targets

    • Target

      c0d60a2292ca99cd81303ccfa5b31a70.exe

    • Size

      449KB

    • MD5

      c0d60a2292ca99cd81303ccfa5b31a70

    • SHA1

      0ac5373d16f0e2926948e800f57652718ca1b7fb

    • SHA256

      86109009a1d1033676de2ac895bdfe4d246837a2db24a339a83de8077581f567

    • SHA512

      89c0bb9ab8683ea44f93d567fd9441423d4bb27c4ab44c7ded77e7bb5a04e0d9ed9fc173d1fb346e161e372d9e0b7b0ba83b7aa44bc0add751f9511372f69f01

    Score
    7/10
    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • JavaScript code in executable

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks